article

The Identity (of Things) Crisis

If you listen to the persistent murmur in the market surrounding the Internet of Things right now, you'd believe that it's all about sensors. Sensors and big data. Sensors that monitor everything from entertainment habits to health status to more mundane environmental data about your home and office.

to a certain degree this is accurate. The Internet of Things comprises, well, things. But the question that must be asked - and is being asked in some circles - is not only where that data ends up but how organizations are going to analyze it and, more importantly, monetize it.

But there's yet another question that needs to be asked and answered - soon. Assuming these things are talking to applications (whether they reside in the cloud or in the corporate data center) and vice-versa, there must be some way to identify them - and the people to whom they belong.

There is already a significant burden placed on IT and infrastructure to control access to applications. Whether it's employees or customers, the burden is very real and has been increased substantially with the introduction of mobile platforms from which users can now access a variety of applications.

A recent Ponemon Study conducted on behalf of Netskope revealed an average of 25,180 computing devices connected to networks and/or enterprise systems. Very few of the organizations in the study could claim to have a comparable number of employees using those devices; it's more the case that there are 2 or 3 or event 4 devices per employee at this point in time.

But the identity of the user is still the same, and it's their role and "need to know" upon which application access must be based. The access services which allow those users to engage with an application must be able to take into consideration identity but device and, increasingly, location.

According to enterprise executives in a Vodafone M2M adaption report (2013), 78% of them expect machine to machine (M2M) interaction to be core to their successful business initiatives in the future. Even assuming these things do nothing but collect data, you can bet at some point their owners will want to visualize that data; to look at it, examine it, and understand what it's telling them.

Which means an application, yes, but more than that it means that the exchange of the sensor data in the first place must be tied to an identity. To a real person. To a customer or employee. And because that data is specific to a person there will be privacy concerns. There's no reason for you to know how hot I like the water in my bath, or how many times I open my refrigerator in the middle of the night. But I may want to know, and thus the things in my home, my car, and my office need to be tied to me and secured against access by others.

It's also naive to think that things will necessarily be peculiar to a specific provider. The app economy will be driven by apps (and services) that interact with things that may be manufactured by one company, but will have services provided for them by many others. That's one of the ways in which the Internet of Things is going to drive value for all sorts of organizations - apps that provide value added services by interacting with things.

All this means that there will be a significant increase in demand on not just identity systems but access services. Already such systems and services are taxed by the increasing need to interpret requests for access within the context of not just identity but device and network as well. Things will need to be identified in such context as well, to ensure that the "thing" should even be talking to apps you provide in the first place and that the "thing" is owned by an employee or customer of yours.

Access and identity services will need to be more scalable, more flexible, and highly dynamic to adapt to the needs of the internet of things without buckling under the burden. They will need to be context aware and able to discern at the logical perimeter whether or not access should or should not be granted.

The secret to winning the game of the Internet of Things is not only going to be recognizing the opportunity for a new service or application or thing, but also on having an infrastructure in place that's going to be able to meet the sudden and wholly desirable increase in demand on relevant services and applications. Auto-scaling will be table stakes, but not just apps but for their supporting identity and access services, too. Both will need an adaptable architecture upon which to run.